During her presentation at the inaugural Dev Summit Munich, Danielle Sodai, Security Operations Lead at Deliveroo, explored the basics of cloud security posture management (CSPM), highlighting how a single misconfiguration can compromise a company's security. She stressed the importance of bridging the gap between the different layers of the organization, from governance to technology.
Sodai began her presentation by reviewing the most significant data breaches in recent history, emphasizing that some were caused by misconfigurations as seemingly small and innocent as a security flaw in a single set of data.
After refreshing cybersecurity terminology, Sodai defined CSPM as
…a technology that helps identify misconfigurations by using their metadata to identify potential threats that lead to actual breaches.
She describes its lifecycle as inventory (the attributes related to cloud infrastructure security, including rules, policies, and tools), scanner (a tool that analyzes every event occurring in the infrastructure, making it possible to identify changes over time), detection (identification of exposed components in the inventory, based on the events the scanner extracts), notification (alert mechanisms that flag possible errors to users) and enforcement (modeling mechanisms that facilitate improvement of the security posture), suggesting that the secret lies in the cooperation between the various technical functions of the organization.
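To make the five stages concrete, here is an added example (not code from the talk, from Deliveroo, or from any CSPM product) that walks a constructed inventory of storage buckets through scanner, detection, notification and enforcement; bucket names, attributes, rules and control references are all hypothetical.

```python
# Constructed inventory snapshots: hypothetical bucket names and attributes.
INVENTORY_T0 = {
    "logs-bucket": {"public": False, "encrypted": True},
    "exports-bucket": {"public": False, "encrypted": True},
}
INVENTORY_T1 = {
    "logs-bucket": {"public": False, "encrypted": True},
    "exports-bucket": {"public": True, "encrypted": False},
    "scratch-bucket": {"public": True, "encrypted": True},
}

# Detection rules (hypothetical): predicate over attributes -> (severity, control reference).
RULES = {
    "public": (lambda a: a["public"], "high", "ISO 27001 access control"),
    "unencrypted": (lambda a: not a["encrypted"], "medium", "SOC2 confidentiality"),
}
SEVERITY = {"low": 0, "medium": 1, "high": 2}

def scan(before, after):
    """Scanner stage: one event per resource created or changed since the previous snapshot."""
    events = []
    for name, attrs in after.items():
        prev = before.get(name)
        if prev is None:
            events.append((name, "created", attrs))
        else:
            changed = {k: v for k, v in attrs.items() if prev.get(k) != v}
            if changed:
                events.append((name, "changed", changed))
    return events

def detect(inventory, events):
    """Detection stage: evaluate rules only on the resources the scanner flagged."""
    findings = []
    for name, _, _ in events:
        for rule, (pred, severity, control) in RULES.items():
            if pred(inventory[name]):
                findings.append({"resource": name, "rule": rule,
                                 "severity": severity, "control": control})
    return findings

def notify(findings, min_severity="medium"):
    """Notification stage: alert lines for findings at or above the chosen threshold."""
    return [f"[{f['severity'].upper()}] {f['resource']}: {f['rule']} ({f['control']})"
            for f in findings if SEVERITY[f["severity"]] >= SEVERITY[min_severity]]

def enforce(inventory, findings):
    """Enforcement stage: close public exposure in place and return the remediated resources."""
    fixed = []
    for f in findings:
        if f["rule"] == "public" and inventory[f["resource"]]["public"]:
            inventory[f["resource"]]["public"] = False
            fixed.append(f["resource"])
    return fixed
```

Running scan(INVENTORY_T0, INVENTORY_T1) yields two events, which detect turns into three findings; notify(..., "high") reports only the two public buckets, and enforce closes them.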
By asking the right questions, you can identify potential threats to your infrastructure and mitigate potential risks to your organization.
Even if vulnerabilities exist, it doesn't necessarily mean you'll be affected, so to measure the potential impact and likelihood of a threat, Sodai points to several organizations and criteria that can be used:
Voluntary frameworks provided by the National Institute of Standards and Technology (NIST).
Information security standards that provide guidance and best practices (ISO 27001 and ISO 27002).
SOC 2, which defines standards for customer data management based on five "trust service principles": security, availability, processing integrity, confidentiality, and privacy.
HIPAA, which focuses on protecting electronic protected health information.
The General Data Protection Regulation (GDPR), a European Union law that sets guidelines for the collection, processing and storage of personal data. It ensures individuals' privacy and gives them control over their data.
Using the frameworks above or others, you can determine the measures for your company depending on your most critical assets. This way, you can enable only the checks that are most important to your organization and deliberately ignore the irrelevant ones.
Implementing cloud security posture management will increase your organization's transparency and visibility into potential cybersecurity risks, allowing you to quickly identify and fix the root cause of current threats. Furthermore, integrating it into your DevOps ecosystem will give you a unified alerting system across the organization, allowing fast response times regardless of the nature of the disruption in your system. And last but not least, by bridging the gap between the administrative side and the technical side, you can be sure to react to the situations that matter most to your organization.